freeipa admin password reset

5,613

Do not use the cn=compat entry for your password changes. cn=compat is a read-only compatibility tree that is automatically generated from the primary data tree in cn=accounts. Compat tree entries have no passwords.

Your problem is that you are trying to change the password of an entry that is purposely read-only and that is implemented via a plugin that purposely does not provide a password field in the entries.
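As an added example (not part of the question or the answer above), a small POSIX shell helper that builds the writable cn=accounts DN for a FreeIPA user and refuses a cn=compat DN before ever calling ldappasswd. The base DN and CA path are taken from the question; the helper names and the use of `-H ldap://localhost` are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumed values (taken from the question): base DN and CA certificate path.
BASE_DN="dc=central,dc=example,dc=com"
CA_CERT="/etc/ipa/ca.crt"

# Map a uid to its writable FreeIPA entry under cn=accounts.
ipa_user_dn() {
  printf 'uid=%s,cn=users,cn=accounts,%s\n' "$1" "$BASE_DN"
}

# Return 0 when a DN points into the read-only cn=compat tree
# (those entries are generated views and carry no password attributes).
dn_is_compat() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    *",cn=compat,"*|"cn=compat,"*) return 0 ;;
  esac
  return 1
}

# Reset the password of the entry at DN as Directory Manager.
# Refuses compat DNs up front instead of letting the server answer
# "No such object (32)" as in the question.
reset_password() {
  dn="$1"
  if dn_is_compat "$dn"; then
    echo "refusing: $dn is in the read-only cn=compat tree" >&2
    return 1
  fi
  # -ZZ forces StartTLS; -W prompts for the DM password, -S for the new one.
  LDAPTLS_CACERT="$CA_CERT" ldappasswd -H ldap://localhost -ZZ \
    -D 'cn=Directory Manager' -W -S "$dn"
}

# Usage: sh reset-admin.sh --run   (interactive; prompts for both passwords)
if [ "${1:-}" = "--run" ]; then
  reset_password "$(ipa_user_dn admin)" && kinit admin
fi
```

The trailing `kinit admin` is a check that the Kerberos credentials were updated along with the LDAP password; FreeIPA normally marks a password set by Directory Manager as expired, so expect to be asked to change it on that first login.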

Author: 580farm

Updated on September 18, 2022

Comments

  • 580farm
    580farm almost 2 years

    I'm trying to figure out how to reset my freeipa3 admin password. I'm able to see the user when I search the domain:

     [root@ipaserver ipa]# LDAPTLS_CACERT=/etc/ipa/ca.crt ldapsearch -h localhost -ZZ -x -b uid=admin,cn=users,cn=compat,dc=central,dc=example,dc=com
     # extended LDIF
     #
     # LDAPv3
     # base <uid=admin,cn=users,cn=compat,dc=central,dc=example,dc=com> with scope subtree
     # filter: (objectclass=*)
     # requesting: ALL
     #
    
     # admin, users, compat, central.example.com
     dn: uid=admin,cn=users,cn=compat,dc=central,dc=example,dc=com
     objectClass: posixAccount
     objectClass: top
     gecos: Administrator
     cn: Administrator
     uidNumber: 1909600000
     gidNumber: 1909600000
     loginShell: /bin/bash
     homeDirectory: /home/admin
     uid: admin
    

    and this is the only snippet (it seems) I found on the web for resetting my password.

    When I try that however I get the following message:

     [root@ipaserver ipa]# LDAPTLS_CACERT=/etc/ipa/ca.crt ldappasswd -ZZ -D 'cn=directory manager' -W -S uid=admin,cn=users,cn=compat,dc=central,dc=example,dc=com
     New password:
     Re-enter new password:
     Enter LDAP Password:
     Result: No such object (32)
     Additional info: Failed to update password
    

    Does anyone with past experience resetting the admin password on a FreeIPA server have some suggestions?

  • abbra
    abbra over 8 years
    You can reset the password for admin, but you are doing it wrong: you are attempting to use the wrong LDAP object, one which has no password associated and is merely a display. Think about eating a cake and looking at a picture of a cake. You are trying to eat a picture of a cake in your example above. All your IPA users are stored in the cn=users,cn=accounts,dc=central,dc=example,dc=com subtree, not in cn=users,cn=compat,dc=central,dc=example,dc=com. Thus, your admin user is uid=admin,cn=users,cn=accounts,dc=central,dc=example,dc=com.